HackDig : Dig high-quality web security articles for hacker

More and more cameras are watching us from the sky. And no, they don’t belong to the police or some intelligence agency, but to your neighbors. Unmanned aerial vehicles are becoming a more common sight, and there is no shortage of people wanting to fly their small camera-equipped drones to get the perfect shot.

Despite the many good uses of these flying machines (crop inspection, rescue missions, crime fighting, etc.), drones can also pose a security threat as they are difficult to detect and neutralize.

A few days ago, the U.S. Secret Service opened an investigation after finding a small recreational quad copter in the grounds of the White House. Despite the machine was operated by a government employee and not a criminal, the incident raised a lot of concerns as it came just four months after another incident in which an intruder managed to jump over the perimeter fence of the presidential mansion.

U.S. authorities (who have been using unmanned aircrafts in military operations for years now) are increasingly worried about the fact that drones could be used by criminals or terrorists to launch attacks with explosives or chemical weapons.

At the beginning, drones were restricted from flying near other aircrafts, airports or populated areas (in Spain, for example, drones must stay at least 8 kilometers (5 miles) away from an airport). However, the proliferation of domestic drone use is raising new concerns for privacy and security. Can small drones be used for small-scale espionage?

DJI Technology Co., the Chinese maker of the device that crashed on the lawn of the White House, and one of the leading makers of consumer drones in the world, has announced it has plans to change software on its drones to prevent them from flying over Washington. Additionally, the company also plans to disable its drones from crossing national borders after police discovered a DJI drone that apparently crashed while attempting to carry drugs into the U.S.

But, are drone manufactures taking enough measures to prevent cyber-criminals from manipulating their software? According to ‘The Wall Street Journal’, cyber-security experts have warned that drone no-fly zones are relatively simple for computer programmers to deactivate. “There’s more stuff that the industry can be doing as a whole to improve the overall security,” DJI spokesman Michael Perry said.

There are actually reasons to be concerned, as shown by the appearance of the first ever backdoor malware for drones: Maldrone. Security expert Rahul Sasi has discovered and exploited a ‘backdoor’ in Parrot AR, one of the most popular drone models. A backdoor malware can infiltrate target computers, appearing to be harmless, and take control of a drone by interacting with its sensors and serial ports. Rahul Sasi has even published a video proof-of-concept to demonstrate its efficiency.

“After the connection is established, we can interact with the software as well as the drivers/sensors of the drone directly. There is an existing AR drone piloting program. Our backdoors kill the autopilot and take control,” explained Sasi.

This security expert is not the only one concerned about the existence of security holes in drones. Hackron, a cyber-security congress recently held in Santa Cruz de Tenerife (Spain), challenged participants to hack into a drone, with a 200-euro prize for the winner.

What would happen if cyber-criminals set their sights on drones? Are drone manufacturers taking precautions? Although we’ll still have to wait before we can answer these questions, it seems clear that cyber-security risks are no longer just limited to computers and smartphones. In the case of cyber-criminals, the sky is not the limit…